| Summary: | www-servers/nginx-1.5.13 version bump | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Tomáš Mózes <hydrapolic> |
| Component: | [OLD] Server | Assignee: | Tiziano Müller (RETIRED) <dev-zero> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | axiator, babykart, bugs, dlan, james |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | upstream-check-1.5.11.patch, nginx-1.5.11.ebuild, nginx-1.4.6.ebuild, nginx-1.5.11.ebuild, nginx-1.5.11.ebuild, nginx-1.5.11.ebuild, nginx-1.5.12.ebuild, nginx-1.5.13.ebuild | | |

Description
Tomáš Mózes
2014-03-04 14:38:44 UTC
Changes with nginx 1.4.6 04 Mar 2014

*) Bugfix: the "client_max_body_size" directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections.

See bug 503528.

I will run through the ebuilds today and see if we have any modules needing updates.

The patch we carry for http_upstream_check added for 1.5.10 now breaks (testing 1.5.11). I'm not sure how long we should carry an out-of-date patch since upstream hasn't been active for ~6 months.

> Summary: www-servers/nginx-1.4.6 version bump → www-servers/nginx-1.{4.6,5.11} version bump

This syntax makes a search harder and does not avoid the duplicate.

@Agostino: Good points. I basically did it because "it's been done before", which in itself is a pretty bad argument. I'll have this in mind moving forward.

Created attachment 371912 [details, diff]
upstream-check-1.5.11.patch
Re-baked upstream_check patch. Work by Tiziano Müller.

Created attachment 371914 [details]
nginx-1.5.11.ebuild
Verbump to 1.5.11. For changes and discussion, see https://gist.github.com/jbergstroem/9384885 (not really relevant which is why I left it out of bugzilla)

Created attachment 371922 [details]
nginx-1.4.6.ebuild
See comments here: https://gist.github.com/jbergstroem/9401337

Please test this and 1.5.11.

Created attachment 372234 [details]
nginx-1.5.11.ebuild
Updated ebuild. Adds the sticky upstream module (suggestion on better use flag name?) -- https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/. There's currently a floating patch that allows the upstream_check module to use the sticky module which sounds like a good combination to me. Upstream is looking into it: https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/issue/3/patch-to-allow

I've also added the ajp module, but it fails to build against 1.5.11. Upstream bug here: https://github.com/yaoweibin/nginx_ajp_module/issues/22

Created attachment 372538 [details]
nginx-1.5.11.ebuild
Updated ebuild for nginx 1.5.11. This fixes build issues with the ajp module (newer version upstream). Please test/commit to tree.

SPDY heap buffer overflow
Severity: major
CVE-2014-0133
Not vulnerable: 1.5.12+, 1.4.7+
Vulnerable: 1.3.15-1.5.11
http://nginx.org/en/security_advisories.html?1.5.12

@Manuel: Thanks for being quick re the bump. We have a slightly different procedure when it comes to security bugs. I just created this: bug 505018.

Probably not the right place to discuss, but I feel that it is outside of the security scope of nginx -- Tiziano, should we rather do 1.4.4-r1 with the patch since 1.4.7 will contain a fair amount of changes? That way we can stable -r1 at once and introduce 1.4.7/1.5.12 with above ebuilds.

Created attachment 373164 [details]
nginx-1.5.11.ebuild
Replaced the nginx 1.5.11 ebuild; updated 3rd party modules.
Created attachment 373166 [details]
nginx-1.5.12.ebuild
While at it, rename to 1.5.12. No other changes.

Oh yeah, for 1.5.12 you need to rename the upstream patch.

nginx-1.4.7 is now in the tree, 1.5.12 follows...

(In reply to Tiziano Müller from comment #17)
> nginx-1.4.7 is now in the tree, 1.5.12 follows...

ping for 1.5.12 :)

Changes with nginx 1.5.13 08 Apr 2014

*) Change: improved hash table handling; the default values of the "variables_hash_max_size" and "types_hash_bucket_size" were changed to 1024 and 64 respectively.
*) Feature: the ngx_http_mp4_module now supports the "end" argument.
*) Feature: byte ranges support in the ngx_http_mp4_module and while saving responses to cache.
*) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged when using shared memory in the "ssl_session_cache" directive and in the ngx_http_limit_req_module.
*) Bugfix: the "underscores_in_headers" directive did not allow underscore as a first character of a header. Thanks to Piotr Sikora.
*) Bugfix: cache manager might hog CPU on exit in nginx/Windows.
*) Bugfix: nginx/Windows terminated abnormally if the "ssl_session_cache" directive was used with the "shared" parameter.
*) Bugfix: in the ngx_http_spdy_module.

Created attachment 374646 [details]
nginx-1.5.13.ebuild
Attaching updated ebuild for nginx-1.5.13. Few module updates and fixes for bug 506804, bug 506690. As with previous, rename upstream-check patch since we use ${PN}.

We should backport the bug fixes for 1.4.x as well (libcap dep and move modsecurity configure). Perhaps with next version bump?

Done. Thanks for all your work, Johan!